
infinite loop : config problem?

Sep 8th, 2006, 02:10 AM

Hi,

I've been working on setting up the Acegi security stuff for the last day, and everything seems very clear to me. The only thing I don't understand is Acegi going into an infinite loop after login, or when trying to access a secured page when I've not been logged in. I've implemented the functions to retrieve the user and getting the userbyUsername, and these functions are being called in the correct order. I'll post my security.xml here, and if somebody can help me... always appreciated...
regards,

You apply security to the login page itself. That is, when you are not logged in, you get redirected to the login page, which requires you to be logged in.
I would advise putting all secured pages in a folder and the login page outside, so you can easily adjust the patterns to apply differentiated security settings.

Comment

All the secured pages are in the employeepush directory.
When I add the login page and the index page, which are outside this directory, and give them the role ROLE_ANONYMOUS,ROLE_USER, I get an infinite loop on these pages as well.

Comment

You're right. I confused these two.
However, two things I just spotted: the anonymousProcessingFilter should be declared before filterSecurityInterceptor in the chain (order counts here). The second is that anonymousAuthenticationProvider is not registered with the AuthenticationManager.

The objectDefinitionSource of the FilterSecurityInterceptor seems to be OK. Still, I think that there is somehow a cycle. Is it possible to debug into the code or consult the DEBUG log of Acegi to find out more about this?

Comment

Well, the interceptor just contains a logger statement and a call super(blahblah). The thing is, in the retrieveUser function I do everything, and I pass a valid userDetails Object with a grantedAuthority. After that, for some reason the LockedException occurs, and it beats me why, because the user credentials and password are more than OK.

regards,

J.

Comment

What does your daoAuthenticationProvider bean look like? Eventually you should get an instance implementing UserDetails. Usually that's a User object. On construction this takes a flag concerning the locking of the account. Perhaps you might have a look at that.
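
The two configuration points raised earlier in the thread (anonymousProcessingFilter placed before filterSecurityInterceptor in the chain, and anonymousAuthenticationProvider registered with the authentication manager), shown as an added example that is not the original poster's security.xml. Class names are those of Acegi Security 1.0.x; the bean ids filterChainProxy, authenticationManager, accessDecisionManager and the remaining filter ids, the key value and the URL patterns are assumptions, and the fragment expects those other beans to be defined in the same `<beans>` file.

```xml
<!-- Filters run left to right: the anonymous filter must populate the
     security context before filterSecurityInterceptor makes its decision. -->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
  <property name="filterInvocationDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
    </value>
  </property>
</bean>

<!-- Gives unauthenticated requests an Authentication holding ROLE_ANONYMOUS. -->
<bean id="anonymousProcessingFilter"
      class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
  <property name="key" value="constructed-example-key"/>
  <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
</bean>

<!-- Must use the same key as the filter, otherwise the token is rejected. -->
<bean id="anonymousAuthenticationProvider"
      class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
  <property name="key" value="constructed-example-key"/>
</bean>

<!-- The anonymous provider has to be listed here to be consulted at all. -->
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
  <property name="providers">
    <list>
      <ref local="daoAuthenticationProvider"/>
      <ref local="anonymousAuthenticationProvider"/>
    </list>
  </property>
</bean>

<bean id="filterSecurityInterceptor"
      class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="accessDecisionManager" ref="accessDecisionManager"/>
  <property name="objectDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /employeepush/**=ROLE_USER
      /**=ROLE_ANONYMOUS,ROLE_USER
    </value>
  </property>
</bean>
```

Patterns in objectDefinitionSource are matched top to bottom and the first match wins, so the secured directory is listed before the catch-all that admits anonymous requests to the login and index pages.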